Archives for April 2013

For many, collecting and maintaining logs is a compliance requirement. But IT leaders will soon discover that there are many other practical reasons for maintaining logs. Access today’s resource to uncover ways in which log management can tighten data security and boost overall IT performance.

Advanced cyber attacks hit businesses 20 times an hour on average, according to researchers at security firm FireEye.

This indicates just how pervasive advanced malware capable of evading traditional security defences has become, according to the firm’s latest advanced threat report.

Data gathered from 89 million malware events, along with direct intelligence uncovered by the research team, shows that many cyber attacks routinely bypass traditional defences such as firewalls, intrusion prevention systems, anti-virus and security gateways.

While enterprises experience a malware event up to once every three minutes on average, the report said the rate of malware activity varies acrossindustries, with technology companies experiencing the highest volume at up to one event a minute.

HIPAA mandates and meaningful use audits tighten up the security rules that healthcare providers must follow. At the same time, a fledgling mHealth landscape heightens the risk of data breaches. All the while, next-generation threats to the security of patient data are beginning to emerge, forcing healthcare CIOs to take a longer, harder look at upgrading patient data security.

Healthcare organizations can recognize and potentially evade patient data security threats by using gap analysis and security information and event management (SIEM) software, as well as log management, said three security leaders during a recent eiQnetworks-hosted webinar, “Unified Situational Awareness for Compliant and Secure Healthcare.”

“Data security is something I don’t think you can ever check the box for,” said Ken Beasley, director of information security and information security officer at Virginia Hospital Center in Arlington. “It’s always going to be changing. It’s something you’ll always have to watch.”

Beasley said that after he and his team saw a few cost assessments from initial HIPAA audits reported in the news — including fines that ranged from $100 to $1.5 million — they immediately hired a security risk analysis consultant, a step most practices are apt to begin with.

New focus is being paid to security concerns in Oracle’s widely used Java platform. Discoveries of new vulnerabilities, the proliferation of exploit kits and recent high-profile incidents, like the sophisticated zero-day attack against Facebook in February, have signalled a growing trend that isn’t slowing down.

In an effort to gain a deeper understanding of how widespread the current Java vulnerability landscape truly is, web security solutions provider Websense used its ThreatSeeker network to assess which versions of Java were actively being used across millions of customer endpoints.

Websense published the research findings at the end of March and in a recent interview with The Standard, Charles Renert, VP of research and development for Websense Labs, called the results “surprising”.

For the last two years users have increasingly been faced with messages like this and demands for money in exchange for access to their PCs. But these are not the actions of law enforcement, quite the opposite—it’s an example of ransomware. This paper looks in depth at ransomware variants and delivery mechanisms, and how you can protect your data with a complete security strategy.